XSS Vulnerability in D-Link DIR Series Routers
CVE-2018-6528

6.1MEDIUM

Key Information:

Vendor
D-Link
Status
Dir-860l Firmware
Vendor
CVE Published:
6 March 2018

Summary

An XSS vulnerability exists in the D-Link DIR-868L, DIR-865L, and DIR-860L routers, allowing remote attackers to exploit the SOAP protocol. By manipulating the receiver parameter in a crafted request, attackers can read sensitive cookies, potentially compromising user sessions and sensitive data. This vulnerability highlights the need for timely firmware updates to mitigate security risks.

References

ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/D...
x_refsource_CONFIRM
ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/D...
x_refsource_CONFIRM
https://github.com/TheBeeMan/Pwning-multiple-dlink-router...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.